[prev in list] [next in list] [prev in thread] [next in thread]
List: graphicsmagick-commit
Subject: [GM-commit] GraphicsMagick: 4 new changesets
From: GraphicsMagick Commits <graphicsmagick-commit () lists ! sourceforge ! net>
Date: 2017-07-10 16:42:23
Message-ID: mailman.22944.1499704953.24383.graphicsmagick-commit () lists ! sourceforge ! net
[Download RAW message or body]
changeset 17ac6d3439f3 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=17ac6d3439f3
summary: coders/png.c (ReadMNGImage): Fix apparent off-by-one error
changeset b24f2a9b0dd7 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=b24f2a9b0dd7
summary: Fix typo in ChangeLog
changeset d0a76868ca37 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=d0a76868ca37
summary: coders/png.c (ReadMNGImage): Fix out-of-order CloseBlob()
changeset 1265df574db7 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=1265df574db7
summary: merge
diffstat:
ChangeLog | 12 +++++++-
VisualMagick/installer/inc/version.isx | 4 +-
coders/png.c | 6 ++--
magick/blob.c | 48 +++++++++++++++++-----------------
magick/version.h | 4 +-
www/Changelog.html | 15 ++++++++++
6 files changed, 57 insertions(+), 32 deletions(-)
diffs (210 lines):
diff -r 653a3d55168b -r 1265df574db7 ChangeLog
--- a/ChangeLog Mon Jul 10 07:58:27 2017 -0400
+++ b/ChangeLog Mon Jul 10 12:41:59 2017 -0400
@@ -1,7 +1,17 @@
+2017-07-10 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+
+ * magick/blob.c: Add casts to fix undefined behavior in left
+ shifts. Issue was reported by Agostino Sarubbo via email on Mon,
+ 10 Jul 2017.
+
2017-07-09 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us>
- * coders/png.c (ReadOneJngImage): Ignore out-of-bounds MOVE
+ * coders/png.c (ReadOneJNGImage): Ignore out-of-bounds MOVE
and CLIP object_id's.
+ * coders/png.c (ReadMNGImage): Fix apparent off-by-one error
+ in MNG FRAM change_clipping processing.
+ * coders/png.c (ReadMNGImage): Fix out-of-order CloseBlob()
+ and DestroyImageList() that caused a use-after-free crash.
2017-07-08 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us>
diff -r 653a3d55168b -r 1265df574db7 VisualMagick/installer/inc/version.isx
--- a/VisualMagick/installer/inc/version.isx Mon Jul 10 07:58:27 2017 -0400
+++ b/VisualMagick/installer/inc/version.isx Mon Jul 10 12:41:59 2017 -0400
@@ -10,5 +10,5 @@
#define public MagickPackageName "GraphicsMagick"
#define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020170708"
-#define public MagickPackageReleaseDate "snapshot-20170708"
+#define public MagickPackageVersionAddendum ".020170710"
+#define public MagickPackageReleaseDate "snapshot-20170710"
diff -r 653a3d55168b -r 1265df574db7 coders/png.c
--- a/coders/png.c Mon Jul 10 07:58:27 2017 -0400
+++ b/coders/png.c Mon Jul 10 12:41:59 2017 -0400
@@ -4465,10 +4465,10 @@
" Framing_timeout=%ld",
frame_timeout);
}
- if (change_clipping && (p-chunk) < (ssize_t) (length-17))
+ if (change_clipping && (p-chunk) < (ssize_t) (length-16))
{
fb=mng_read_box(previous_fb,p[0],&p[1]);
- p+=17;
+ p+=16;
previous_fb=fb;
if (logging)
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
@@ -5161,8 +5161,8 @@
if (image == (Image *) NULL)
{
+ CloseBlob(previous);
DestroyImageList(previous);
- CloseBlob(previous);
MngInfoFreeStruct(mng_info,&have_mng_structure);
return((Image *) NULL);
}
diff -r 653a3d55168b -r 1265df574db7 magick/blob.c
--- a/magick/blob.c Mon Jul 10 07:58:27 2017 -0400
+++ b/magick/blob.c Mon Jul 10 12:41:59 2017 -0400
@@ -1,5 +1,5 @@
/*
-% Copyright (C) 2003 - 2016 GraphicsMagick Group
+% Copyright (C) 2003 - 2017 GraphicsMagick Group
% Copyright (C) 2002 ImageMagick Studio
% Copyright 1991-1999 E. I. du Pont de Nemours and Company
%
@@ -3320,10 +3320,10 @@
if (ReadBlob(image,4,buffer) != 4)
return(0U);
- value=buffer[3] << 24;
- value|=buffer[2] << 16;
- value|=buffer[1] << 8;
- value|=buffer[0];
+ value=(magick_uint32_t) buffer[3] << 24;
+ value|=(magick_uint32_t) buffer[2] << 16;
+ value|=(magick_uint32_t) buffer[1] << 8;
+ value|=(magick_uint32_t) buffer[0];
return(value & 0xffffffff);
}
@@ -3370,10 +3370,10 @@
if (ReadBlob(image,4,buffer) != 4)
return(0U);
- value.uint32=buffer[3] << 24;
- value.uint32|=buffer[2] << 16;
- value.uint32|=buffer[1] << 8;
- value.uint32|=buffer[0];
+ value.uint32=(magick_uint32_t) buffer[3] << 24;
+ value.uint32|=(magick_uint32_t) buffer[2] << 16;
+ value.uint32|=(magick_uint32_t) buffer[1] << 8;
+ value.uint32|=(magick_uint32_t) buffer[0];
value.uint32&=0xffffffff;
return value.int32;
}
@@ -3473,8 +3473,8 @@
if (ReadBlob(image,2,buffer) != 2)
return(0U);
- value=buffer[1] << 8;
- value|=buffer[0];
+ value=(magick_uint16_t) buffer[1] << 8;
+ value|=(magick_uint16_t) buffer[0];
return(value & 0xffff);
}
@@ -3521,8 +3521,8 @@
if (ReadBlob(image,2,buffer) != 2)
return(0U);
- value.uint16=buffer[1] << 8;
- value.uint16|=buffer[0];
+ value.uint16=(magick_uint16_t) buffer[1] << 8;
+ value.uint16|=(magick_uint16_t) buffer[0];
value.uint16&=0xffff;
return value.int16;
}
@@ -3874,9 +3874,9 @@
if (ReadBlob(image,4,buffer) != 4)
return(0U);
- value=buffer[0] << 24;
- value|=buffer[1] << 16;
- value|=buffer[2] << 8;
+ value=(magick_uint32_t) buffer[0] << 24;
+ value|=(magick_uint32_t) buffer[1] << 16;
+ value|=(magick_uint32_t) buffer[2] << 8;
value|=buffer[3];
return(value & 0xffffffff);
}
@@ -3925,10 +3925,10 @@
if (ReadBlob(image,4,buffer) != 4)
return(0);
- value.uint32=buffer[0] << 24;
- value.uint32|=buffer[1] << 16;
- value.uint32|=buffer[2] << 8;
- value.uint32|=buffer[3];
+ value.uint32=(magick_uint32_t) buffer[0] << 24;
+ value.uint32|=(magick_uint32_t) buffer[1] << 16;
+ value.uint32|=(magick_uint32_t) buffer[2] << 8;
+ value.uint32|=(magick_uint32_t) buffer[3];
value.uint32&=0xffffffff;
return value.int32;
}
@@ -3976,8 +3976,8 @@
if (ReadBlob(image,2,buffer) != 2)
return(0U);
- value=buffer[0] << 8;
- value|=buffer[1];
+ value=(magick_uint16_t) buffer[0] << 8;
+ value|=(magick_uint16_t) buffer[1];
return(value & 0xffff);
}
@@ -4024,8 +4024,8 @@
if (ReadBlob(image,2,buffer) != 2)
return(0U);
- value.uint16=buffer[0] << 8;
- value.uint16|=buffer[1];
+ value.uint16=(magick_uint16_t) buffer[0] << 8;
+ value.uint16|=(magick_uint16_t) buffer[1];
value.uint16&=0xffff;
return value.int16;
}
diff -r 653a3d55168b -r 1265df574db7 magick/version.h
--- a/magick/version.h Mon Jul 10 07:58:27 2017 -0400
+++ b/magick/version.h Mon Jul 10 12:41:59 2017 -0400
@@ -38,8 +38,8 @@
#define MagickLibVersion 0x191600
#define MagickLibVersionText "1.4"
#define MagickLibVersionNumber 19,16,0
-#define MagickChangeDate "20170708"
-#define MagickReleaseDate "snapshot-20170708"
+#define MagickChangeDate "20170710"
+#define MagickReleaseDate "snapshot-20170710"
/*
The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
diff -r 653a3d55168b -r 1265df574db7 www/Changelog.html
--- a/www/Changelog.html Mon Jul 10 07:58:27 2017 -0400
+++ b/www/Changelog.html Mon Jul 10 12:41:59 2017 -0400
@@ -35,6 +35,21 @@
<div class="document">
+<p>2017-07-10 Bob Friesenhahn <<a class="reference external" \
href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span> \
4;</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
+<blockquote>
+<ul class="simple">
+<li>magick/blob.c: Add casts to fix undefined behavior in left
+shifts. Issue was reported by Agostino Sarubbo via email on Mon,
+10 Jul 2017.</li>
+</ul>
+</blockquote>
+<p>2017-07-09 Glenn Randers-Pehrson <<a class="reference external" \
href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@ \
</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
+<blockquote>
+<ul class="simple">
+<li>coders/png.c (ReadOneJngImage): Ignore out-of-bounds MOVE
+and CLIP object_id's.</li>
+</ul>
+</blockquote>
<p>2017-07-08 Glenn Randers-Pehrson <<a class="reference external" \
href="mailto:glennrp%40simple.dallas.tx.us">glennrp<span>@ \
</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
<blockquote>
<ul class="simple">
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Graphicsmagick-commit mailing list
Graphicsmagick-commit@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/graphicsmagick-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic